Register of contracts

Last update: 29 November 2024

Controller
Oy Hangö-Hanko Logistics Ab (Business ID: 1849046-6) Hemming Elfvingintie 5 10960 Hangö, Finland

Contact
Bo Isaksson
bo.isaksson@hankologistics.fi
+358 (0)40 0896073

Legal basis for processing
Legitimate interest

Purpose of processing personal data
The purpose of the register is to manage, maintain, archive and process contracts with customers and other stakeholders and to maintain customer relationships.

The data may be used to develop the controller's business, for statistical purposes and to provide more personalised and targeted content. Personal data will be processed within the framework of applicable data protection legislation.

The information in the register may be used internally, for example for targeted advertising, and may not be disclosed to third parties. The organisation may use partners to maintain customer and service relationships, which may require the transfer of some register data to the partner's servers for technical reasons.

Data is only processed through technical interfaces to maintain customer relationships.

Legitimate interest
The controller needs to process personal data in order to carry out its business tasks. The processing cannot always be justified by legal obligations or contracts with the individual.

The balancing of interests has shown that legitimate interest is an appropriate ground, taking into account the nature and scope of the processing and the rights and freedoms of data subjects.

It has been assessed that processing in the legitimate interest will not cause serious harm to the rights or freedoms of data subjects.

Personal data groups
Name, organisation represented, contact details and agreed matters.
Recipients and groups of recipients
Staff of the organisation and, where appropriate, external partners (financial management, IT, recovery, etc.).

Contents of the register
The register of contracts contains the following information:

- First name and surname

- Represented organisation

- Company number

- Email address

- Postal address

- Phone number

- Subscribed services

- Other business-related contracts

Regular sources of information
Telephone and other electronic means of communication.

Information may also be obtained from subcontractors involved in the provision or use of the service.

Additional information may be obtained from partner websites, information systems or other digital sources, which the user logs into through an electronic invitation (link), cookies or user codes.

The register is used only by the controller, except when an external service provider is used for value added services or credit assessment.

Information is not disclosed to third parties or partners, except in connection with credit applications, debt collection, billing or where required by law. Personal data will be deleted upon request, unless prohibited by law, outstanding invoices or collection processes.

Retention period
The data will be kept for 10 years after the end of the contract.

Regular information
The register is used only by the controller, except where external service providers are used for value added services or credit decisions.

Information is not disclosed to third parties, except for credit applications, collection, billing or as required by law. Personal data will be deleted upon request, unless there are legal obstacles.

Transfer outside the EU/EEA
Data is not regularly transferred outside the EU/EEA. However, it is possible that service providers outside the EU/EEA are used or their cloud services are located there. In such cases, standard contractual clauses (SCCs) are used, as well as other safeguards such as internal guidelines (e.g. pseudonymisation) and, where appropriate, transfer impact assessments (TIAs).

If the provider is subject to the EU-US Data Protection Framework (DPF) agreement, this will be used as a basis for transfer during the period of validity.

Protection Policy A: Manually collected data
After initial processing, contact information and other manually collected data are stored in locked and fire-safe premises. Manually stored data may only be processed by designated employees who are bound by a confidentiality agreement.

Security Policy B: Electronic Data
Only designated employees of the organisation and its service providers are authorised to access and maintain the contract register. Each user has a personal user ID and has signed a confidentiality agreement.

The system has a firewall that prevents unauthorised access to the system.

All data processing is carried out in accordance with applicable data protection laws, regulatory requirements and good data processing practices.

Cookies
We use cookies on our website. A cookie is a small text file that is sent to and stored on a user's device. Cookies do not harm the user's computer or files. Cookies are used to improve and personalise the user experience and to analyse and improve the functionality and content of the website.

The information obtained from cookies can also be used to target communications and marketing and to optimise marketing. The visitor cannot be identified by cookies alone. However, information from cookies may be combined with other information provided by the user, for example when filling in forms.

Cookies are collected:

- IP address

- Date of visit

- Pages viewed and viewing time

- Web scrollers

Your rights
You can change your cookie settings at any time via the cookie banner. Some browsers also allow you to disable or remove cookies.

Blocking cookies may affect the functioning of the website.

Right of access
You have the right to check what information is stored about you. Requests must be made in writing or to a verifiable email address.

Right to object
You have the right to object to processing for direct marketing, distance selling or surveys by contacting Customer Service.

Right to data portability
You have the right to transfer your data to another system by contacting the controller.

Right of rectification
Inaccurate, unnecessary, incomplete or outdated information must be corrected, deleted or completed. Requests must be made in writing, signed or sent to a verified e-mail address.

The request must specify what information needs to be corrected and why. Corrections will be made without delay. The person who provided or received the incorrect information shall be informed. Reasons for refusal shall be given in writing. The matter may be referred to the EDPS.

Right to restriction of processing
You can request restriction of processing, for example if the data is incorrect. Please contact the person responsible.

Right to erasure
You have the right to request access, rectification or deletion of your data. If you act as a contact person for the organisation, data cannot be deleted during this period.

Right to complain

If you believe that your data has been processed unlawfully, you can lodge a complaint with a supervisory authority. You can also do this in the country where you live or work.

Contact details of the Finnish Data Protection Officer:

Visiting address: Lintulahdenkuja 4, 00530 Helsinki.

Postal address: PB 800, 00531 Helsinki

Phone number: +358 29 566 6700.

Registry: +358 29 566 6768

Email: tietosuoja@om.fi

www.tietosuoja.fi

Other rights
You have the right to object to the use of your data for direct marketing purposes, to request anonymisation if necessary and to be completely forgotten after the end of the contract.